Always Encrypted in Entity Framework Core Support

Question

As of EF Core 2.1, Always Encrypted SQL Server feature is not yet supported.

I am using both SQL Server 2016 and Azure SQL and all clients are Windows-based.

• Can we use ADO.NET to achieve this while waiting for the feature to be implemented?
• Is there any third party NuGet or paid component that does so?
• Any other suggestion of how to encrypt few columns in a database with .NET Core 2.1 without rolling my own algorithm while we wait for the EF team to implement it?

Answer 1

Do not role your own implementation. What we ended up doing was creating a separate Windows Classic Desktop class library project in our solution that handled the data layer for the table with encrypted columns. We used Dapper for the ORM in that project and it supported the encrypted columns. It really limited some things we could do since the rest of our data layer was through EF Core but it works.

Since you are using Azure SQL, I would also recommend using the Microsoft Azure Key Vault to store the column master key. See the NuGet package Microsoft.SqlServer.Management.AlwaysEncrypted.AzureKeyVaultProvider. This NuGet package is also not supported in .NET Core.

Answer 2

This is now supported on .Net Core 3.1, on Lower versions you will have a harder time implmenting it, also see my answer about implementing it on .Net Core 3.1 here: SQL Server Always Encrypted with .NET Core not compatible

See this github issue/comment https://github.com/dotnet/SqlClient/issues/11#issuecomment-520100830

To clarify : Microsoft.Data.SqlClient should be used on .Net Core 3.1